illmob.org

Dumping Physical Memory to extract SAM Hashes

March 21st, 2009 by admin in Password Info, Privilege Escalation, windows

Tools Needed : MDD pyCrypto Volatility 1.3 Beta Volatility Plugin from Moyix ManTech Memory DD (MDD) (http://www.mantech.com/msma/MDD.asp) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft Operating Systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server. After downloading MDD from the Mantech site you need to run (more…)

Dialupass Beta

December 9th, 2008 by admin in Password Info, windows

Dialupass is one of the oldest nirsoft utilities for extracting dialup passwords.
The newer beta has one useful new feature: You can now extract the dialup passwords from an external instance of Windows 2000/XP/2003 (In Advanced Options).

Dialupass 3 is not officially released yet, but you can download a Beta version from here.

View LSA Secrets On An External Drive

December 9th, 2008 by admin in Password Info, windows

The new version of LsaSecretsView from nirsoft allows you to extract the LSA secrets from an external instance of Windows operating system. This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user-interface, by using the ‘Advanced Options’ in the File
menu, or from command-line, by using the /external parameter.
This feature was also added to LSASecretsDump, which is the console version of LsaSecretsView.

Be aware the currently this feature works for Windows 2000/XP/2003, but not for Windows Vista.

New Windows RPC Exploit

October 26th, 2008 by admin in windows

If you haven’t been auto-updated yet make sure you do. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

Recovering Internet Explorer Passwords: Theory and Practice

July 6th, 2008 by Dev Team in News, Password Info, windows

Brief introduction on how Internet Explorer stores its passwords

(more…)